With this information we wish to inform you about how we process the personal data of users (hereinafter "Personal Data") who consult the website www.archivioapostolicovaticano.va (hereinafter "Portal").
Below you will find information on how we collect, use and transfer the User's Personal Data (hereinafter "User"), or all that information that can be used to identify or contact the User.
1. DATA CONTROLLER
The Data Controller is the Archivio Apostolico Vaticano (hereinafter "AAV") - Cortile del Belvedere, 00120 – Vatican City, e-mail: firstname.lastname@example.org.
2. PERSONAL DATA SUBJECT OF THE PROCESSING
The Personal Data being processed will consist of data suitable for making the User identified or identifiable. In particular, the Personal Data processed through the Portal are as follows:
a. Navigation data
During their normal operation, the IT systems and software procedures used to operate the Portal acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by the User who connect to the Portal, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Portal and to check its correct functioning, to identify anomalies and / or abuses. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Portal or third parties.
b. Data voluntarily provided by the User
In the use of particular services (e.g. newsletter, request for admission, request for photo reproduction), the User may be required to provide additional Personal Data such as the name and surname and the email address that the User will voluntarily provide if he wishes to use these services.
3. LEGITIMACY OF THE PROCESSING OF YOUR PERSONAL DATA
The information we collect mostly comes directly from the User: it was voluntarily provided to us or was necessary for the provision of our services.
The provision of Personal Data, which is used exclusively for the purposes listed in point 2. b., Is optional.
4. PURPOSE AND METHOD OF TREATMENT
The processing of the User's Personal Data, with specific consent, where necessary, has the following purposes:
a. allow navigation and consultation of the Portal and its contents;
b. allow the provision of the requested services (e.g. newsletter);
c. ensure the conservation, security and custody of data;
d. fulfill legal obligations;
e. guarantee security and prevent fraudulent conduct.
The AAV will not process the information provided by the User for purposes other than those explicitly indicated above.
Furthermore, the AAV will not make automated decisions based on the information provided.
All Personal Data collected are processed with automated and manual tools for the time strictly necessary to achieve only the purposes indicated above and in order to guarantee their integrity, confidentiality and security.
5. RECIPIENTS OF THE DATA
Personal Data may be communicated by the AAV to other public and private subjects only by virtue of the law, regulation and / or related order of the Judicial Authority.
The Personal Data collected are processed by specifically authorized personnel (employees of the AAV or third parties in charge of the maintenance and development services of the systems used for the computerized management of Personal Data as well as third parties who manage the management of network traffic) exclusively for purposes related to the exercise of their functions. They act on the basis of specific instructions provided regarding the purposes and methods of the processing itself in compliance with the confidentiality and security of the Personal Data themselves and in relation to the services to which they are assigned.
Some of the User's Personal Data may be shared and / or transferred, again for the processing purposes referred to in the previous point 4. with recipients who are outside the Vatican City State. In any case, the AAV will put in place all the appropriate precautions and rules of conduct useful for preserving the integrity and confidentiality of the data according to the applicable regulations.
6. COOKIES AND OTHER TRACKING SYSTEMS
The AAV uses its own session technical cookies (non-persistent) strictly limited to what is necessary for safe and efficient navigation of the Portal. The AAV also uses third-party cookies for data analysis.
Please refer to the relevant pages of Google terms of service for further information.
7. STORAGE, SECURITY AND DATA CUSTODY
The AAV keeps the collected Personal Data, accurately, completely and updated, as long as these are necessary for the provision of the services to which the Personal Data are linked.
Specifically, as regards the newsletter, personal data are kept for the duration of the subscription to the same.
Browsing data only will be kept for a period of 12 months for ascertaining responsibility in case of hypothetical computer crimes against the Portal or third parties in the event of a request by the competent Police Authorities.
We can assure you that all the necessary steps have been taken to guarantee the security of the Personal Data to the User once they have been collected, through the use of computer systems with limited access and the use of protected storage solutions according to the standards of security provided for the security measures indicated by best practices.
The AAV adopts specific security measures to prevent data loss, illicit or incorrect use and unauthorized access.
8. INTERESTED PARTIES RIGHTS
Users to whom the Personal Data refer, in their capacity as interested parties, can at any time exercise:
- the right of access or to have a copy of the Personal Data, allowing you to know the type of User Personal Data processed by the DPC and the characteristics of the treatment that is performed;
- the right to request the correction of Personal Data in the event of omissions or errors;
- cancellation or limitation of treatment;
- the right to object to the processing.
The interested party also has the right to withdraw / revoke his consent at any time, without however affecting the lawfulness of the treatment based on the consent given before the revocation / withdrawal.
9. METHOD OF EXERCISE OF THE RIGHTS OF THE INTERESTED PARTY AND DELETION OF OPTIONAL SERVICES
For the exercise of the rights, referred to in point 8, the interested party may contact the DPC by sending an email to email@example.com with the subject "PERSONAL DATA".
If the User has subscribed to the newsletter service, he can at any time withdraw his consent by clicking on the "Unsubscribe Newsletter" link located at the bottom of the communications of the information received and personal data will be deleted.